PwdLess - Exploitation Tales from RouterLand

Embark on a journey into the mind of an attacker targeting a real consumer IoT device in this 47-minute conference talk from NULLCON Goa 2020. Explore a wide range of techniques including fuzzing, reverse engineering, code injection, and exploit development in constrained environments. Witness the achievement of full remote control over the target device through multiple methods, and gain insights into common patterns in IoT device security. Delve into previously undisclosed vulnerabilities demonstrated live on stage, and learn how remote execution can be achieved even within short timeframes under specific constraints. Examine the security challenges posed by supply chains, device obsolescence, and ongoing security support in the IoT landscape. Benefit from the expertise of Cristofaro Mune, a seasoned professional with over 15 years of experience in software and hardware security assessment of highly secure products.